diff --git a/changelog/65137.security.md b/changelog/65137.security.md
new file mode 100644
index 000000000000..8d6f57c7d0c7
--- /dev/null
+++ b/changelog/65137.security.md
@@ -0,0 +1 @@
+Update to `gitpython>=3.1.35` due to https://github.com/advisories/GHSA-wfm5-v35h-vwf4 and https://github.com/advisories/GHSA-cwvm-v4w8-q58c
diff --git a/requirements/darwin.txt b/requirements/darwin.txt
index ec3356da11e7..0a1f727066a1 100644
--- a/requirements/darwin.txt
+++ b/requirements/darwin.txt
@@ -4,6 +4,7 @@
 
 apache-libcloud>=2.4.0
 cherrypy>=17.4.1
+gitpython>=3.1.35
 cryptography>=41.0.3
 gitpython>=3.1.30
 idna>=2.8
diff --git a/requirements/static/ci/common.in b/requirements/static/ci/common.in
index 04d0c3eaa295..9cb531ad9d5e 100644
--- a/requirements/static/ci/common.in
+++ b/requirements/static/ci/common.in
@@ -15,7 +15,7 @@ clustershell
 croniter>=0.3.0,!=0.3.22"; sys_platform != 'win32'
 dnspython
 etcd3-py==0.1.6
-gitpython>=3.1.30
+gitpython>=3.1.35
 jmespath
 jsonschema
 junos-eznc; sys_platform != 'win32'
diff --git a/requirements/windows.txt b/requirements/windows.txt
index 2c7e8359264a..b1df1a7f6348 100644
--- a/requirements/windows.txt
+++ b/requirements/windows.txt
@@ -9,7 +9,7 @@ pythonnet>=3.0.1
 certifi>=2022.12.07
 cffi>=1.14.5
 cherrypy>=18.6.1
-gitpython>=3.1.30
+gitpython>=3.1.35
 cryptography>=41.0.3
 lxml>=4.6.3
 pyasn1>=0.4.8